Google’s Take On 2FA

Phishing scams and brute force password attacks are on the rise around the world. For years now, security experts have been issuing the same advice: To secure your accounts turn on two-factor authentication. Two-factor places an extra layer of confirmation between your accounts and anyone trying to access them—confirmation that can only be completed with control over one of your devices, normally a smart phone. Google has recently published results of their own investigations which firmly establish two-factor as the most powerful tool one can use to secure their accounts.

What Makes 2-Factor Work?

Two-factor authentication requires a second input from a device that only you have control over. If you have a mental image from a Cold War Era movie where the President and a top general need to each turn their respective keys at the same time to trigger a missile launch, that’s the sort of failsafe two-factor provides each time you sign into your email. For a hacker to access your account they would not only need to gain control over your standard password, but also your mobile device.

What Kinds of 2-Factor Are Available?

Two-factor authentication can take the multiple forms, including text messages sent to a phone, biometrics (fingerprint scanners or facial recognition), or an authenticator app installed on another device (such as Microsoft or Google Authenticator). The advantage of Google Authenticator is that the app will not be sending anything. When you do the initial setup of Google Authenticator, you take a picture of a QR code with your phone, this launches a randomized algorithm and a seed algorithm. On the backside of your account and within your phone, the same algorithm is performing the same calculations at set intervals, meaning that the account and the app on your mobile device can both generate the same unique code at the same time, without sending anything via data or Wi-Fi. It will even work when your device is in airplane mode.

What Did Google’s Study Find?

Google just wrapped up a year long study with NYU and UC San Diego about effective account security measures (Check out Google’s blog post on this here). The study results were stunning, showing that a text message two-factor authentication challenge resulted in blocking 100% of breach attempts by bots, 96% of bulk phishing attempts and 76% of targeted attacks (attempts by an actual human hacker zeroing in on specific person of interest). This study serves as a strong confirmation of the efficacy of two-factor as the best step individuals and organizations can take to secure their accounts.

If you’d like to learn more about using two-factor authentication to keep your online accounts more secure, talk to your trusted experts at Mankato Computer Technology today.